Constrained Delegation with certificate and GSS API
puran157 at gmail.com
Wed May 6 00:25:25 EDT 2020
I see 'gss_acquire_cred_impersonate_name' should be used to obtain
impersonation token on behalf of user and the API expects
User-Principal-Name 'gss_name_t' as input to identify the user.
I was wondering if there is similar API to perform same with
user-certificate this time instead of UPN.
I hope it should send a AS-REQ with PA-DATA P4-S4U-X509-USER with
certificate (with my limited knowledge).
If there isn't any API, I would be happy to work upon this.
Let me know where to start.
More information about the krbdev